From cc04f143dcd35fb67884e385ffd3e6ed2d32a4c2 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Sun, 2 Dec 2007 19:04:33 +0100
Subject: r26229: Set loadparm context as opaque pointer in ldb, remove more
 uses of global_loadparm. (This used to be commit
 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)

---
 source4/auth/auth_server.c                   |  8 ++++----
 source4/auth/auth_unix.c                     |  6 +++---
 source4/auth/auth_util.c                     |  2 +-
 source4/auth/credentials/credentials_files.c | 11 ++++++-----
 source4/auth/session.c                       |  1 +
 5 files changed, 15 insertions(+), 13 deletions(-)

(limited to 'source4/auth')

diff --git a/source4/auth/auth_server.c b/source4/auth/auth_server.c
index 6502564dca..d391793bd9 100644
--- a/source4/auth/auth_server.c
+++ b/source4/auth/auth_server.c
@@ -24,7 +24,7 @@
  Support for server level security.
 ****************************************************************************/
 
-static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
+static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx, int maxprotocol)
 {
 	struct smbcli_state *cli = NULL;
 	fstring desthost;
@@ -92,7 +92,7 @@ static struct smbcli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
 	
 	DEBUG(3,("got session\n"));
 
-	if (!smbcli_negprot(cli, lp_cli_maxprotocol(global_loadparm))) {
+	if (!smbcli_negprot(cli, maxprotocol)) {
 		DEBUG(1,("%s rejected the negprot\n",desthost));
 		release_server_mutex();
 		talloc_free(cli);
@@ -148,7 +148,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
 					   void **my_private_data, 
 					   TALLOC_CTX *mem_ctx)
 {
-	struct smbcli_state *cli = server_cryptkey(mem_ctx);
+	struct smbcli_state *cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
 	
 	if (cli) {
 		DEBUG(3,("using password server validation\n"));
@@ -215,7 +215,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context
 	
 	if (cli) {
 	} else {
-		cli = server_cryptkey(mem_ctx);
+		cli = server_cryptkey(mem_ctx, lp_cli_maxprotocol(auth_context->lp_ctx));
 		locally_made_cli = true;
 	}
 
diff --git a/source4/auth/auth_unix.c b/source4/auth/auth_unix.c
index 9efbe5dc12..fac04fd735 100644
--- a/source4/auth/auth_unix.c
+++ b/source4/auth/auth_unix.c
@@ -308,7 +308,7 @@ static NTSTATUS smb_pam_end(pam_handle_t *pamh)
 /*
  * PAM Authentication Handler
  */
-static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
+static NTSTATUS smb_pam_auth(pam_handle_t *pamh, bool allow_null_passwords, const char *user)
 {
 	int pam_error;
 
@@ -319,7 +319,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
 	
 	DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user));
 
-	pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords(global_loadparm) ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
+	pam_error = pam_authenticate(pamh, PAM_SILENT | allow_null_passwords ? 0 : PAM_DISALLOW_NULL_AUTHTOK);
 	switch( pam_error ){
 		case PAM_AUTH_ERR:
 			DEBUG(2, ("smb_pam_auth: PAM: Authentication Error for user %s\n", user));
@@ -461,7 +461,7 @@ static NTSTATUS check_unix_password(TALLOC_CTX *ctx, struct loadparm_context *lp
 		return nt_status;
 	}
 
-	nt_status = smb_pam_auth(pamh, user_info->mapped.account_name);
+	nt_status = smb_pam_auth(pamh, lp_null_passwords(lp_ctx), user_info->mapped.account_name);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		smb_pam_end(pamh);
 		return nt_status;
diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index 9110fc1b97..c3ecfece39 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -58,7 +58,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx,
 	}
 	
 	/* don't allow "" as a domain, fixes a Win9X bug 
-	   where it doens't supply a domain for logon script
+	   where it doesn't supply a domain for logon script
 	   'net use' commands.                                 */
 
 	/* Split user@realm names into user and realm components.  This is TODO to fix with proper userprincipalname support */
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 2d850956e2..f3f73f7fb1 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -169,6 +169,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file,
  * @retval NTSTATUS error detailing any failure
  */
 NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
+				     struct loadparm_context *lp_ctx,
 				     struct ldb_context *ldb,
 				     const char *base,
 				     const char *filter)
@@ -212,7 +213,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 
 	if (!ldb) {
 		/* Local secrets are stored in secrets.ldb */
-		ldb = secrets_db_connect(mem_ctx, global_loadparm);
+		ldb = secrets_db_connect(mem_ctx, lp_ctx);
 		if (!ldb) {
 			/* set anonymous as the fallback, if the machine account won't work */
 			cli_credentials_set_anonymous(cred);
@@ -308,7 +309,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 	} else {
 		keytab = ldb_msg_find_attr_as_string(msgs[0], "privateKeytab", NULL);
 		if (keytab) {
-			keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, global_loadparm, keytab));
+			keytab = talloc_asprintf(mem_ctx, "FILE:%s", private_path(mem_ctx, lp_ctx, keytab));
 			if (keytab) {
 				cli_credentials_set_keytab_name(cred, keytab, CRED_SPECIFIED);
 			}
@@ -334,7 +335,7 @@ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred)
 	cred->machine_account_pending = false;
 	filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, 
 				       cli_credentials_get_domain(cred));
-	return cli_credentials_set_secrets(cred, NULL, SECRETS_PRIMARY_DOMAIN_DN,
+	return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRIMARY_DOMAIN_DN,
 					   filter);
 }
 
@@ -354,7 +355,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred)
 	filter = talloc_asprintf(cred, SECRETS_KRBTGT_SEARCH,
 				       cli_credentials_get_realm(cred),
 				       cli_credentials_get_domain(cred));
-	return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN,
+	return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN,
 					   filter);
 }
 
@@ -376,7 +377,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
 				 cli_credentials_get_realm(cred),
 				 cli_credentials_get_domain(cred),
 				 serviceprincipal);
-	return cli_credentials_set_secrets(cred, NULL, SECRETS_PRINCIPALS_DN,
+	return cli_credentials_set_secrets(cred, global_loadparm, NULL, SECRETS_PRINCIPALS_DN,
 					   filter);
 }
 
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 1a87e98bed..259f52ac5c 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -161,6 +161,7 @@ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 	session_info->session_key = server_info->user_session_key;
 
 	nt_status = security_token_create(session_info,
+					  global_loadparm,
 					  server_info->account_sid,
 					  server_info->primary_group_sid,
 					  server_info->n_domain_groups,
-- 
cgit